IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations
Blog Published: 12/14/2023
Originally published by CrowdStrike.CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a deta...
Resilient Container Security: Why You Need a Preventive Approach
Blog Published: 12/13/2023
Written by Christina DePinto, Product Marketing Manager, Tenable Cloud Security. As organizations move to the cloud, container adoption is skyrocketing. A recent study conducted by Forrester Consulting on behalf of Tenable surveyed 825 IT and cybersecurity pros worldwide1 and found that 32% of o...
The Perils and Protections of Privileged Accounts
Blog Published: 12/13/2023
Written by Alex Vakulov. Privileged users are the Achilles heel of any company. There are specialized IT systems on the market for managing privileged access - PAM (Privileged Access Management). Nowadays, PAM is no longer just about account management; it is a cybersecurity strategy for regulati...
AI at Work: Three Steps to Prepare and Protect Your Business
Blog Published: 12/12/2023
Originally published by Forbes.Written by Yaki Faitelson, Co-Founder and CEO of Varonis. In terms of hype, nothing is hotter than AI right now; blockchain has some weak links, the metaverse isn't singing in this part of the multiverse, and even big data seems small. As the CEO of a leading cybers...
Why Your Public Partners Care About Your Cybersecurity Approach
Blog Published: 12/12/2023
Originally published by CXO REvolutionaries. Written by Kavitha Mariappan, EVP, Customer Experience and Transformation, Zscaler. While the connection between cybersecurity, environmental, social, and governance (ESG) issues, and private companies may not be immediately obvious, they influence one...
Artificial Intelligence Leaders Partner with Cloud Security Alliance to Launch the AI Safety Initiative
Press Release Published: 12/12/2023
Program for responsible, safe and forward-looking research, best practices, education, professional credentialing and organizational certification for generative AI is underwaySEATTLE – Dec. 12, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining stand...
Embed Security from Code to Cloud with Unified CNAPPs
Blog Published: 12/12/2023
Originally published by CSO Online. Written by Giulio Astori, Principal Program Manager, Microsoft Security. A decade ago, most companies relied on individual point solutions to secure specific aspects of their cloud environment. They might have one solution for vulnerability management, another ...
Natural Disasters: A Perfect Storm for Data Breaches
Blog Published: 12/11/2023
Written by Rocco Alfonzetti, CCSK, CCAK, CDPSE, Security Officer at Paperclip, Inc. and Member of the CSA Data Security Working Group. The recent wildfires on Maui have had a devastating impact on the island, both in terms of human life and property damage. However, the fraud implications of thes...
Why Cloud-Forward Tech Teams Need to Abandon Traditional IAM and PAM
Blog Published: 12/11/2023
Originally published by Britive.Most modern tech teams are aware that the cloud has become the backbone of innovation, scalability, and agility. However, with great power comes great responsibility, particularly when it comes to securing cloud resources and data. This is precisely where Identity ...
Biden’s “Sweeping” AI Executive Order is Here. Is the Cybersecurity Industry Ready?
Blog Published: 12/08/2023
Originally published by Synack on October 31, 2023. Written by Katie Bowen, Vice President, Public Sector, Synack. President Biden made his biggest move yet on artificial intelligence this week, issuing an executive order that trains the full scope of the administration’s authority on emerg...
Compromising Identity Provider Federation
Blog Published: 12/08/2023
Originally published by CrowdStrike. CrowdStrike’s Incident Response team has seen a recent increase in cases involving adversaries that abuse identity provider federation to gain access to protected services by adding and authorizing rogue domains to federation. From these cases, patterns have e...
Are You a Fit for CSA’s Advanced Cloud Security Practitioner (ACSP) Training?
Blog Published: 12/07/2023
Over a decade ago, there was a significant lack of cloud security skills and knowledge within the industry. We developed the CCSK+ training class as a “101” level training to help security professionals move into the world of cloud computing and gain an understanding of cloud fundamentals. The C...
The Road to Autonomous Cloud Security Remediation
Blog Published: 12/07/2023
Originally published by Dazz.Written by Tomer Schwartz, Co-founder & CTO, Dazz. Back in the data center days, a typical enterprise had one or two applications and one or two engineering teams to deploy them. When there was a vulnerability, an engineer could simply log into a server and fix it...
A Recap of Recent Cybersecurity Incidents at Universities
Blog Published: 12/07/2023
Originally published by Schellman. When considering cybersecurity, many may first think of cutting-edge tech companies. Healthcare providers may spring to mind for others and government agencies for still others. But strong cybersecurity—if it’s not already—is becoming paramount in every sector, ...
11 Attacks in 13 Months: The New Generation of Supply Chain Attacks
Blog Published: 12/06/2023
Originally published by Astrix. Written by Dana Katz. A new generation of supply chain attacks has been rising in recent years. In such attacks, hackers abuse third-party & internal non-human access as a means of accessing core business systems. While many conversations about supply chain sec...
Why CISOs Are Investing in AI-Native Cybersecurity
Blog Published: 12/06/2023
Originally published by Abnormal Security. Written by Mick Leach. Artificial intelligence is full of promise. By leveraging machine learning to replicate human intelligence, AI has considerable potential to make our lives easier by empowering us to simplify and even automate complex tasks.But as ...
What are the Keys to Success with SOC 2 Reporting?
Blog Published: 12/05/2023
Originally published by MJD.Q: What are the keys to success with SOC 2 Reporting?A: MJD AnswerIt’s natural to feel pressure from your organization's SOC 2 exam. There are people counting on it, the expectations are not always clear, and the idea of potential “failure” will always introduce stre...
The Top 3 SaaS Security Challenges
Blog Published: 12/05/2023
Originally published by Suridata.Written by Haviv Ohayon, Co-Founder & COO, Suridata.Software-as-a-Service (SaaS) applications present a number of potentially serious security challenges. The risks posed by SaaS arise out of a combination of factors. For one thing, SaaS is popular, with most ...
A Seven Step Approach to IoT Security
Blog Published: 12/05/2023
Written by Ravishankar (Ravi) Chamarajnagar, Chief Product Officer, AppViewX. The Internet of Things (IoT) revolution has transformed the world with everything from our smart homes and wearables to industrial automation and the potential of smart cities. According to IoT Analytics, active IoT end...
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Blog Published: 12/04/2023
Originally published by Sysdig. Written by Miguel Hernández. The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks....